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Question: 1 


Match the following commands to their correct function. 


F1: export and import different revisions of the database. 
F2: export and import policy packages. 
F3: transfer Log data to an external database. 


F4: execute operations on the ICA. 
F5: invokes and monitors critical processes such as Check 
Point daemons on the local machine. 
F6: automatically export administrator definitions that were 
created in epeonfig to SmartDashboard. 


Each command has one function only listed. 


A. C1>F6; C2>F4; C3>F2; C4>F5 
B. C1>F2; C2>F1; C3>F6; C4>F4 
C. C1>F2; C2>F4; C3>F1; C4>F5 
D. C1>F4; C2>F6; C3>F3; C4>F2 


Answer: A 


Question: 2 


Which command displays the installed Security Gateway version? 


A. fw printver 
B. fw ver 

C. fw stat 

D. cpstat -gw 


Answer: B 


Question: 3 


Which command line interface utility allows the administrator to verify the Security Policy name and 
timestamp currently installed on a firewall module? 


A. cpstat fwd 
B. fw ver 
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C. fw stat 
D. fw ctl pstat 


Answer: C 


Question: 4 


Suppose the Security Gateway hard drive fails and you are forced to rebuild it. You have a snapshot 
file stored to a TFTP server and backups of your Security Management Server. What is the correct 
procedure for rebuilding the Gateway quickly? 


A. Reinstall the base operating system (i.e., GAIA). Configure the Gateway interface so that the 
Gateway can communicate with the TFTP server. Revert to the stored snapshot image, and install the 
Security Policy. 

B. Run the command revert to restore the snapshot, establish SIC, and install the Policy. 

C. Run the command revert to restore the snapshot. Reinstall any necessary Check Point products. 
Establish SIC and install the Policy. 

D. Reinstall the base operating system (i.e., GAia). Configure the Gateway interface so that the 
Gateway can communicate with the TFTP server. Reinstall any necessary Check Point products and 
previously applied hotfixes. Revert to the stored snapshot image, and install the Policy. 


Answer: A 


Question: 5 


Which of the following statements accurately describes the command upgrade_export? 


A. upgrade_export stores network-configuration data, objects, global properties, and the database 
revisions prior to upgrading the Security Management Server. 

B. Used primarily when upgrading the Security Management Server, upgrade_export stores all object 
databases and the /conf directories for importing to a newer Security Gateway version. 

C. upgrade_export is used when upgrading the Security Gateway, and allows certain files to be 
included or excluded before exporting. 

D. This command is no longer supported in GAIA. 


Answer: B 


Question: 6 


What are you required to do before running the command upgrade_ export? 


A. Run a cpstop on the Security Gateway. 

B. Run a cpstop on the Security Management Server. 
C. Close all GUI clients. 

D. Run cpconfig and set yourself up as a GUI client. 
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Answer: C 


Question: 7 


A snapshot delivers a complete GAiA backup. The resulting file can be stored on servers or as a local 
file in /var/CPsnapshot/snapshots. How do you restore a local snapshot named MySnapshot.tgz? 


A. Reboot the system and call the start menu. Select the option Snapshot Management, provide the 
Expert password and select [L] for a restore from a local file. Then, provide the correct file name. 

B. As expert user, type the command snapshot -r MySnapshot.tgz. 

C. As expert user, type the command revert --file MySnapshot.tgz. 

D. As expert user, type the command snapshot - R to restore from a local file. Then, provide the 
correct file name. 


Answer: C 


Question: 8 


What is the primary benefit of using the command upgrade_export over either backup or snapshot? 


A. upgrade_export is operating system independent and can be used when backup or snapshot is not 
available. 

B. upgrade_export will back up routing tables, hosts files, and manual ARP configurations, where 
backup and snapshot will not. 

C. The commands backup and snapshot can take a long time to run whereas upgrade_export will take 
a much shorter amount of time. 

D. upgrade_export has an option to back up the system and SmartView Tracker logs while backup 
and snapshot will not. 


Answer: A 


Question: 9 


What is the syntax for uninstalling a package using newpkg? 


. -u<pathname of package> 

. -i <full pathname of package> 

. -S <pathname of package> 

. newpkg CANNOT be used to uninstall a package 


0UOWD D> 


Answer: D 


Question: 10 


Your primary Security Gateway runs on GAi 
A. What is the easiest way to back up your Security Gateway R77 configuration, including routing and 
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network configuration files? 

A. Copying the directories SEWDIR/conf and SFWDIR/lib to another location. 

B. Using the native GAiA backup utility from command line or in the Web based user interface. 
C. Using the command upgrade_ export. 

D. Run the pre_upgrade_verifier and save the .tgz file to the directory /temp. 


Answer: B 


Question: 11 


You need to back up the routing, interface, and DNS configuration information from your R77 GAIA 
Security Gateway. Which backup-and-restore solution do you use? 


A. Manual copies of the directory SFWDIR/conf 

B. GAiA back up utilities 

C. upgrade_export and upgrade_import commands 
D. Database Revision Control 


Answer: B 


Question: 12 


You are running a R77 Security Gateway on GAi 

A. In case of a hardware failure, you have a server with the exact same hardware and firewall version 
installed. What back up method could be used to quickly put the secondary firewall into production? 
A. manual backup 

B. upgrade_export 

C. backup 

D. snapshot 


Answer: D 


Question: 13 


Before upgrading SecurePlatform to GAiA, you should create a backup. To save time, many 
administrators use the command backup. This creates a backup of the Check Point configuration as 
well as the system configuration. 

An administrator has installed the latest HFA on the system for fixing traffic problem after creating a 
backup file. There is a mistake in the very complex static routing configuration. The Check Point 
configuration has not been changed. Can the administrator use a restore to fix the errors in static 
routing? 


A. The restore is not possible because the backup file does not have the same build number 
(version). 

B. The restore is done by selecting Snapshot Management from the boot menu of GAIA. 

C. The restore can be done easily by the command restore and copying netconf.C from the 
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production environment. 
D. A backup cannot be restored, because the binary files are missing. 


Answer: C 


Question: 14 


Which operating systems are supported by a Check Point Security Gateway on an open server? Select 
MOST complete list. 


A. Sun Solaris, Red Hat Enterprise Linux, Check Point SecurePlatform, IPSO, Microsoft Windows 
B. Check Point GAiA and SecurePlatform, and Microsoft Windows 

C. Check Point GAIA, Microsoft Windows, Red Hat Enterprise Linux, Sun Solaris, IPSO 

D. Check Point GAiA and SecurePlatform, IPSO, Sun Solaris, Microsoft Windows 


Answer: B 


Question: 15 


You intend to upgrade a Check Point Gateway from R71 to R77. Prior to upgrading, you want to back 
up the Gateway should there be any problems with the upgrade. Which of the following allows for 
the Gateway configuration to be completely backed up into a manageable size in the least amount of 
time? 


A. database revision 
B. snapshot 

C. upgrade_export 
D. backup 


Answer: D 


Question: 16 


The third-shift Administrator was updating Security Management Server access settings in Global 
Properties and testing. He managed to lock himself out of his account. How can you unlock this 
account? 


A. Type fwm unlock_admin from the Security Management Server command line. 

B. Type fwm unlock_admin -u from the Security Gateway command line. 

C. Type fwm lock_admin -u <account name> from the Security Management Server command line. 
D. Delete the file admin.lock in the Security Management Server directory SFWDIR/tmp/. 


Answer: C 


Question: 17 
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The third-shift Administrator was updating Security Management Server access settings in Global 
Properties. He managed to lock all administrators out of their accounts. How should you unlock 
these accounts? 


A. Delete the file admin.lock in the Security Management Server directory SEWDIR/tmp/. 

B. Reinstall the Security Management Server and restore using upgrade_import. 

C. Type fwm lock_admin -ua from the Security Management Server command line. 

D. Login to SmartDashboard as the special cpconfig_ admin user account; right-click on each 
administrator object and select unlock. 


Answer: C 


Question: 18 


You are the Security Administrator for ABC-Corp. A Check Point Firewall is installed and in use on GAi 
A. You are concerned that the system might not be retaining your entries for the interfaces and 
routing configuration. You would like to verify your entries in the corresponding file(s) on GAIA. 
Where can you view them? Give the BEST answer. 

A. /etc/sysconfig/netconf.C 

B. /etc/conf/route.C 

C. /etc/sysconfig/network-scripts/ifcfg-ethx 

D. /etc/sysconfig/network 


Answer: A 


Question: 19 


When using GAIA, it might be necessary to temporarily change the MAC address of the interface eth 
O to 00:0C:29:12:34:56. After restarting the network the old MAC address should be active. How do 
you configure this change? 
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A. As expert user, issue these commands: 


# IP link set eth0O down 
# IP link set ethO addr 00:00:29:12:34:56 
# IP link set ethO up 


B. Edit the file /etc/sysconfig/netconf.C and put the new MAC address in the field 


(cont 
: (conns 
: (conn 
thwaddr (*%00:00:29:12:34:56") 


C. As expert user, issue the command: 
# IP link set ethO addr 00:0C:29:12:34:56 


D. Open the WebuI, select Network > Connections > eth0. Place the new MAC address in the field 
Physical Address, and press Apply to save the settings. 


Option A 
Option B 
Option C 
Option D 


Answer: A 


Question: 20 


Several Security Policies can be used for different installation targets. The Firewall protecting Human 
Resources’ servers should have its own Policy Package. These rules must be installed on this machine 
and not on the Internet Firewall. How can this be accomplished? 


A. A Rule Base is always installed on all possible targets. The rules to be installed on a Firewall are 
defined by the selection in the Rule Base row Install On. 

B. When selecting the correct Firewall in each line of the Rule Base row Install On, only this Firewall is 
shown in the list of possible installation targets after selecting Policy > Install on Target. 

C. In the menu of SmartDashboard, go to Policy > Policy Installation Targets and select the correct 
firewall via Specific Targets. 

D. A Rule Base can always be installed on any Check Point Firewall object. It is necessary to select the 
appropriate target directly after selecting Policy > Install on Target. 


Answer: C 
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